Pull request overview
This PR updates existing Claude Code GitHub Actions workflows to use a plugin-based approach for code reviews. The changes include migrating from a custom prompt configuration to the Claude Code plugin marketplace system, expanding workflow triggers, and updating documentation URLs.
Changes:
- Updated Claude Code documentation URLs from `docs.claude.com` to `code.claude.com` in both workflow files
- Migrated the code review workflow to use a plugin-based system instead of custom prompts
- Expanded PR trigger types to include `ready_for_review` and `reopened` in addition to existing triggers
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/claude.yml | Updated documentation URL in comments from old to new Claude Code docs site |
| .github/workflows/claude-code-review.yml | Replaced custom prompt and allowed-tools configuration with plugin marketplace approach, added new PR trigger types, and updated documentation URL |
| plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' | ||
| plugins: 'code-review@claude-code-plugins' | ||
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' |
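Review bot: `plugin_marketplaces` on the first line points at `https://github.com/anthropics/claude-code.git` with no tag or commit, so the `code-review` plugin that runs in this job is whatever that repository serves at run time. If the input accepts a ref, pin it to a reviewed commit; if it does not, record that next to the step so a change in the upstream plugin is treated as a change to this workflow.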
The removal of the custom prompt that referenced CLAUDE.md and the explicit security-focused review instructions appears to be a significant change. The original prompt provided specific guidance on what to review (code quality, bugs, performance, security, test coverage) and instructed Claude to use the repository's CLAUDE.md for style conventions. The new plugin-based approach may not provide the same level of customization. Consider whether the plugin approach provides equivalent functionality or if some of the custom instructions should be retained.
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| prompt: | | |
| You are performing an in-depth code review for this repository. | |
| Focus on: code quality, correctness/bugs, performance, security (including validation, authentication/authorization, secrets handling, injection risks, and access control), and test coverage. | |
| Follow any repository-specific conventions and guidelines described in CLAUDE.md at the root of this repository, if present. | |
| Then run the following command to analyze the pull request: | |
| /code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }} |
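Review bot: in the suggested multi-line `prompt`, the `/code-review:code-review` command moves from the start of the prompt to its last line, after free text. Confirm in a test run that the plugin command is still dispatched from that position; if it is only recognised at the start of the prompt, applying the suggestion would replace the plugin review with a plain-text prompt.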
| plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' | ||
| plugins: 'code-review@claude-code-plugins' | ||
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' |
The removal of the claude_args with specific allowed-tools restrictions removes an important security control. The previous configuration explicitly limited Claude to specific gh commands for read-only operations (view, search, list, diff) and only allowed commenting on PRs. The new configuration does not specify any tool restrictions, potentially allowing a broader set of operations. This could have security implications. Consider whether the plugin approach includes equivalent restrictions or if explicit allowed_tools should still be specified.
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' | |
| claude_args: > | |
| --allowed_tools '["gh pr view","gh pr list","gh pr diff","gh pr status","gh pr comment"]' |
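Review bot: the last line spells the flag `--allowed_tools` and passes a JSON array of bare `gh` command strings, while the removed configuration is described in the comment only in prose. Take the flag name and tool patterns from the removed `claude_args` rather than retyping them, and check in a test run that a command outside the list is refused, since an allow-list the CLI does not parse restricts nothing.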
| on: | ||
| pull_request: | ||
| types: [opened, synchronize] | ||
| types: [opened, synchronize, ready_for_review, reopened] |
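Review bot: the new `types` line adds `ready_for_review`, but `opened` and `synchronize` also fire for draft pull requests, and nothing in the visible lines skips drafts. Without a condition such as `if: github.event.pull_request.draft == false` on the job, a draft is reviewed on every push and then again when it is marked ready.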
The PR description states "This PR adds a GitHub Actions workflow that enables Claude Code integration" and mentions that "@claude mentions won't work until after the merge is complete." However, the changes show that Claude workflows already exist in the repository (claude.yml and claude-code-review.yml). This PR appears to be updating existing workflows rather than adding new ones. The description should be updated to accurately reflect that this is an update/refactoring of existing Claude Code workflows, not an initial installation.
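A CI check for the control the review above says was dropped, as an added example that is not part of the pull request or the action's own code: it flags workflow steps that pass a `prompt:` without a `claude_args:` tool allow-list. The workflow text, step names and `uses:` value are constructed, and the line-based step splitting is a simplification of real YAML parsing.

```python
import re

# Constructed workflow modelled on the inputs quoted in the review; the step
# names and the `uses:` value are placeholders, not the repository's file.
SAMPLE = """\
jobs:
  review:
    steps:
      - name: unrestricted review
        uses: example/agent-action@v1
        with:
          plugins: 'code-review@claude-code-plugins'
          prompt: '/code-review:code-review owner/repo/pull/1'
      - name: restricted review
        uses: example/agent-action@v1
        with:
          prompt: '/code-review:code-review owner/repo/pull/1'
          claude_args: >
            --allowed_tools '["gh pr view","gh pr diff","gh pr comment"]'
"""

STEP_START = re.compile(r"^\s*-\s+\w+:")
# Tolerates both spellings seen on the page: allowed-tools and allowed_tools.
ALLOW_FLAG = re.compile(r"--allowed[-_]?tools\b", re.IGNORECASE)

def split_steps(text):
    """Return (first_line_number, lines) for each `- key:` list item."""
    steps, current = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        if STEP_START.match(line):
            current = (number, [line])
            steps.append(current)
        elif current is not None:
            current[1].append(line)
    return steps

def unrestricted_prompt_steps(text):
    """Return line numbers of steps that pass a prompt but no tool allow-list."""
    findings = []
    for number, lines in split_steps(text):
        body = "\n".join(lines)
        has_prompt = re.search(r"^\s*prompt:", body, re.MULTILINE)
        has_args = re.search(r"^\s*claude_args:", body, re.MULTILINE)
        if has_prompt and not (has_args and ALLOW_FLAG.search(body)):
            findings.append(number)
    return findings

if __name__ == "__main__":
    for line_number in unrestricted_prompt_steps(SAMPLE):
        print(f"line {line_number}: prompt step has no tool allow-list")
```

The check only confirms that an allow-list flag is present; whether the listed tools are narrow enough still needs a human read.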
🤖 Installing Claude Code GitHub App
This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.
What is Claude Code?
Claude Code is an AI coding agent that can help with:
How it works
Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.
Important Notes
Security
There's more information in the Claude Code action repo.
After merging this PR, let's try mentioning @claude in a comment on any PR to get started!